Re: [RFC] FUSE permission modell (Was: fuse review bits)

From: Miklos Szeredi
Date: Tue Apr 12 2005 - 10:22:46 EST

Next message: Christoph Hellwig: "Re: Digi Neo 8: linux-2.6.12_r2 jsm driver"
Previous message: Miklos Szeredi: "Re: [RFC] FUSE permission modell (Was: fuse review bits)"
In reply to: Jamie Lokier: "Re: [RFC] FUSE permission modell (Was: fuse review bits)"
Next in thread: Miklos Szeredi: "Re: [RFC] FUSE permission modell (Was: fuse review bits)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> > > With that, the desire for virtual filesystems which cannot be read
> > > by your sysadmin (by accident) is easy to satisfy - and that kind of
> > > mechanism would probably be acceptable to all.
> >
> > The problem is that this way the responsibility goes to the userspace
> > program, which can't be trusted.
>
> That does not make sense.
>
> Are you saying you cannot trust your own sshfs userspace daemon?

OK, I was not clear here. When I say it cannot be trusted I'm in my
sysadmin cap, not my user cap.

Hiding the mountpoint from root has dual purpose:

1) Sysadmin won't accidentaly spy on user's private files

2) User can't confuse sysadmin deliberately, by creating a
filesystem containing files he otherwise wouldn't be able to
create

For 1) your porposal makes sense, however for 2) it's useless, since
now the user doesn't want the hiding.

Miklos
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Christoph Hellwig: "Re: Digi Neo 8: linux-2.6.12_r2 jsm driver"
Previous message: Miklos Szeredi: "Re: [RFC] FUSE permission modell (Was: fuse review bits)"
In reply to: Jamie Lokier: "Re: [RFC] FUSE permission modell (Was: fuse review bits)"
Next in thread: Miklos Szeredi: "Re: [RFC] FUSE permission modell (Was: fuse review bits)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]